Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities
There are multiple security vulnerabilities in Cachelogic Expired Domains Script 1.0 which may allow a remote attacker to take control of the software.
Software
Software Link: Expired Domains Script 1.0
Vulnerable Version: <= 1.0
Vendor Notification:
# 2011-03-20 # Notified vendor CacheLogic.net
# 2011-03-20 # Vendor reply: confirmed
# 2011-03-20 # Additional details provided
# 2011-03-24 # Vendor released patch
Vulnerabilities
# Information Disclosure # Full Path Disclosure # <= 1.0 # Patched
The following proof of concept is available:
# Reflected Cross-Site Scripting (XSS) # <= 1.0 # Patched
The vulnerabilities are due to failure in "stats.php" to properly sanitize user-supplied data in the "name" and "ext" parameters.
The following proof of concept is available: